package cn.uin.domain.auth.service.user.login.email;

import cn.uin.domain.auth.adapter.repository.IAuthRepository;
import cn.uin.domain.auth.model.entity.HomeMenuEntity;
import cn.uin.domain.auth.model.entity.HomeRoleEntity;
import cn.uin.domain.auth.model.entity.HomeUserEntity;
import cn.uin.types.enums.ResponseCode;
import cn.uin.types.exception.AppException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;

import java.io.Serializable;
import java.util.*;
import java.util.stream.Collectors;

/**
 * @Auther: uIn
 * @Date: 2025/10/26 - 10 - 26 - 17:02
 * @Description: 邮箱登录认证信息处理
 * @version: 1.0
 */
@Slf4j
public class EmailLoginProvider implements AuthenticationProvider, Serializable {

    private IAuthRepository iAuthRepository;

    public EmailLoginProvider(IAuthRepository iAuthRepository) {
        this.iAuthRepository = iAuthRepository;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        EmailCodeAuthenticationToken emailCodeAuthenticationToken = (EmailCodeAuthenticationToken) authentication;
        String email = (String) emailCodeAuthenticationToken.getPrincipal();
        HomeUserEntity homeUserEntity = iAuthRepository.queryUserByUserEmail(email);
        if (ObjectUtils.isEmpty(homeUserEntity)) {
            throw new AppException(ResponseCode.A0009.getCode(), ResponseCode.A0009.getInfo());
        }

        EmailCodeAuthenticationToken truthToken = new EmailCodeAuthenticationToken(email, buildAuthority(homeUserEntity.getUsername()));
        truthToken.setDetails(emailCodeAuthenticationToken.getDetails());
        return truthToken;
    }

    /**
     * 构建用户权限菜单
     * @param username
     * @return
     */
    private Collection<? extends GrantedAuthority> buildAuthority(String username) {
        // 根据用户名获取权限菜单
        List<HomeMenuEntity> menus = iAuthRepository.queryMenusByUserName(username);
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if (!CollectionUtils.isEmpty(menus)) {
            for (HomeMenuEntity authority : menus) {
                SimpleGrantedAuthority auth = new SimpleGrantedAuthority(authority.getMenuCode());
                authorities.add(auth);
            }
        }
        return authorities;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return (EmailCodeAuthenticationToken.class.isAssignableFrom(authentication));
    }
}
